vendor/symfony/ux-live-component/src/EventListener/LiveComponentSubscriber.php line 267

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\UX\LiveComponent\EventListener;
  14. use Psr\Container\ContainerInterface;
  15. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  16. use Symfony\Component\HttpFoundation\Exception\JsonException;
  17. use Symfony\Component\HttpFoundation\Request;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\HttpKernel\Event\ControllerEvent;
  20. use Symfony\Component\HttpKernel\Event\ExceptionEvent;
  21. use Symfony\Component\HttpKernel\Event\RequestEvent;
  22. use Symfony\Component\HttpKernel\Event\ResponseEvent;
  23. use Symfony\Component\HttpKernel\Event\ViewEvent;
  24. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  25. use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
  26. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  27. use Symfony\Component\HttpKernel\Exception\UnprocessableEntityHttpException;
  28. use Symfony\Component\Security\Csrf\CsrfToken;
  29. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  30. use Symfony\Contracts\Service\ServiceSubscriberInterface;
  31. use Symfony\UX\LiveComponent\Attribute\AsLiveComponent;
  32. use Symfony\UX\LiveComponent\Attribute\LiveArg;
  33. use Symfony\UX\LiveComponent\LiveComponentHydrator;
  34. use Symfony\UX\TwigComponent\ComponentFactory;
  35. use Symfony\UX\TwigComponent\ComponentMetadata;
  36. use Symfony\UX\TwigComponent\ComponentRenderer;
  37. use Symfony\UX\TwigComponent\MountedComponent;
  39. /**
  40.  * @author Kevin Bond <kevinbond@gmail.com>
  41.  * @author Ryan Weaver <ryan@symfonycasts.com>
  42.  *
  43.  * @experimental
  44.  *
  45.  * @internal
  46.  */
  47. class LiveComponentSubscriber implements EventSubscriberInterfaceServiceSubscriberInterface
  48. {
  49.     private const HTML_CONTENT_TYPE 'application/vnd.live-component+html';
  50.     private const REDIRECT_HEADER 'X-Live-Redirect';
  52.     public function __construct(private ContainerInterface $container)
  53.     {
  54.     }
  56.     public static function getSubscribedServices(): array
  57.     {
  58.         return [
  59.             ComponentRenderer::class,
  60.             ComponentFactory::class,
  61.             LiveComponentHydrator::class,
  62.             '?'.CsrfTokenManagerInterface::class,
  63.         ];
  64.     }
  66.     public function onKernelRequest(RequestEvent $event): void
  67.     {
  68.         $request $event->getRequest();
  70.         if (!$this->isLiveComponentRequest($request)) {
  71.             return;
  72.         }
  74.         if ($request->attributes->has('_controller')) {
  75.             return;
  76.         }
  78.         // the default "action" is get, which does nothing
  79.         $action $request->attributes->get('action''get');
  80.         $componentName = (string) $request->attributes->get('component');
  82.         $request->attributes->set('_component_name'$componentName);
  84.         try {
  85.             /** @var ComponentMetadata $metadata */
  86.             $metadata $this->container->get(ComponentFactory::class)->metadataFor($componentName);
  87.         } catch (\InvalidArgumentException $e) {
  88.             throw new NotFoundHttpException(sprintf('Component "%s" not found.'$componentName), $e);
  89.         }
  91.         if (!$metadata->get('live'false)) {
  92.             throw new NotFoundHttpException(sprintf('"%s" (%s) is not a Live Component.'$metadata->getClass(), $componentName));
  93.         }
  95.         if ('get' === $action) {
  96.             $defaultAction trim($metadata->get('default_action''__invoke'), '()');
  98.             // set default controller for "default" action
  99.             $request->attributes->set('_controller'sprintf('%s::%s'$metadata->getServiceId(), $defaultAction));
  100.             $request->attributes->set('_component_default_action'true);
  102.             return;
  103.         }
  105.         if (!$request->isMethod('post')) {
  106.             throw new MethodNotAllowedHttpException(['POST']);
  107.         }
  109.         if (
  110.             $this->container->has(CsrfTokenManagerInterface::class) &&
  111.             $metadata->get('csrf') &&
  112.             !$this->container->get(CsrfTokenManagerInterface::class)->isTokenValid(new CsrfToken($componentName$request->headers->get('X-CSRF-TOKEN')))) {
  113.             throw new BadRequestHttpException('Invalid CSRF token.');
  114.         }
  116.         if ('_batch' === $action) {
  117.             // use batch controller
  118.             $data $this->parseDataFor($request);
  120.             $request->attributes->set('_controller''ux.live_component.batch_action_controller');
  121.             $request->attributes->set('serviceId'$metadata->getServiceId());
  122.             $request->attributes->set('actions'$data['actions']);
  123.             $request->attributes->set('_mounted_component'$this->hydrateComponent(
  124.                 $this->container->get(ComponentFactory::class)->get($componentName),
  125.                 $componentName,
  126.                 $request
  127.             ));
  128.             $request->attributes->set('_is_live_batch_action'true);
  130.             return;
  131.         }
  133.         $request->attributes->set('_controller'sprintf('%s::%s'$metadata->getServiceId(), $action));
  134.     }
  136.     public function onKernelController(ControllerEvent $event): void
  137.     {
  138.         $request $event->getRequest();
  140.         if (!$this->isLiveComponentRequest($request)) {
  141.             return;
  142.         }
  144.         if ($request->attributes->get('_is_live_batch_action')) {
  145.             return;
  146.         }
  148.         $controller $event->getController();
  150.         if (!\is_array($controller) || !== \count($controller)) {
  151.             throw new \RuntimeException('Not a valid live component.');
  152.         }
  154.         [$component$action] = $controller;
  156.         if (!\is_object($component)) {
  157.             throw new \RuntimeException('Not a valid live component.');
  158.         }
  160.         if (!$request->attributes->get('_component_default_action'false) && !AsLiveComponent::isActionAllowed($component$action)) {
  161.             throw new NotFoundHttpException(sprintf('The action "%s" either doesn\'t exist or is not allowed in "%s". Make sure it exist and has the LiveAction attribute above it.'$action\get_class($component)));
  162.         }
  164.         /*
  165.          * Either we:
  166.          *      A) We do NOT have a _mounted_component, so hydrate $component
  167.          *          (normal situation, rendering a single component)
  168.          *      B) We DO have a _mounted_component, so no need to hydrate,
  169.          *          but we DO need to make sure it's set as the controller.
  170.          *          (sub-request during batch controller)
  171.          */
  172.         if (!$request->attributes->has('_mounted_component')) {
  173.             $request->attributes->set('_mounted_component'$this->hydrateComponent(
  174.                 $component,
  175.                 $request->attributes->get('_component_name'),
  176.                 $request
  177.             ));
  178.         } else {
  179.             // override the component with our already-mounted version
  180.             $component $request->attributes->get('_mounted_component')->getComponent();
  181.             $event->setController([
  182.                 $component,
  183.                 $action,
  184.             ]);
  185.         }
  187.         // read the action arguments from the request, unless they're already set (batch sub-requests)
  188.         $actionArguments $request->attributes->get('_component_action_args'$this->parseDataFor($request)['args']);
  189.         // extra variables to be made available to the controller
  190.         // (for "actions" only)
  191.         foreach (LiveArg::liveArgs($component$action) as $parameter => $arg) {
  192.             if (isset($actionArguments[$arg])) {
  193.                 $request->attributes->set($parameter$actionArguments[$arg]);
  194.             }
  195.         }
  196.     }
  198.     /**
  199.      * @return array{
  200.      *     data: array,
  201.      *     args: array,
  202.      *     actions: array
  203.      *     childrenFingerprints: array
  204.      * }
  205.      */
  206.     private static function parseDataFor(Request $request): array
  207.     {
  208.         if (!$request->attributes->has('_live_request_data')) {
  209.             if ($request->query->has('data')) {
  210.                 $liveRequestData = [
  211.                     'data' => self::parseJsonFromQuery($request'data'),
  212.                     'args' => [],
  213.                     'actions' => [],
  214.                     'childrenFingerprints' => self::parseJsonFromQuery($request'childrenFingerprints'),
  215.                 ];
  216.             } else {
  217.                 $requestData $request->toArray();
  219.                 $liveRequestData = [
  220.                     'data' => $requestData['data'] ?? [],
  221.                     'args' => $requestData['args'] ?? [],
  222.                     'actions' => $requestData['actions'] ?? [],
  223.                     'childrenFingerprints' => $requestData['childrenFingerprints'] ?? [],
  224.                 ];
  225.             }
  227.             $request->attributes->set('_live_request_data'$liveRequestData);
  228.         }
  230.         return $request->attributes->get('_live_request_data');
  231.     }
  233.     public function onKernelView(ViewEvent $event): void
  234.     {
  235.         if (!$this->isLiveComponentRequest($request $event->getRequest())) {
  236.             return;
  237.         }
  239.         if (!$event->isMainRequest()) {
  240.             // sub-request, so skip rendering
  241.             $event->setResponse(new Response());
  243.             return;
  244.         }
  246.         $event->setResponse($this->createResponse($request->attributes->get('_mounted_component')));
  247.     }
  249.     public function onKernelException(ExceptionEvent $event): void
  250.     {
  251.         if (!$this->isLiveComponentRequest($request $event->getRequest())) {
  252.             return;
  253.         }
  255.         if (!$event->getThrowable() instanceof UnprocessableEntityHttpException) {
  256.             return;
  257.         }
  259.         // in case the exception was too early somehow
  260.         if (!$mounted $request->attributes->get('_mounted_component')) {
  261.             return;
  262.         }
  264.         $event->setResponse($this->createResponse($mounted));
  265.     }
  267.     public function onKernelResponse(ResponseEvent $event): void
  268.     {
  269.         $request $event->getRequest();
  270.         $response $event->getResponse();
  272.         if (!$this->isLiveComponentRequest($request)) {
  273.             return;
  274.         }
  276.         if (!\in_array(self::HTML_CONTENT_TYPE$request->getAcceptableContentTypes(), true)) {
  277.             return;
  278.         }
  280.         if (!$response->isRedirection()) {
  281.             return;
  282.         }
  284.         $event->setResponse(new Response(null204, [
  285.             'Location' => $response->headers->get('Location'),
  286.             self::REDIRECT_HEADER => 1,
  287.         ]));
  288.     }
  290.     public static function getSubscribedEvents(): array
  291.     {
  292.         return [
  293.             RequestEvent::class => 'onKernelRequest',
  294.             ControllerEvent::class => 'onKernelController',
  295.             ViewEvent::class => 'onKernelView',
  296.             ResponseEvent::class => 'onKernelResponse',
  297.             ExceptionEvent::class => 'onKernelException',
  298.         ];
  299.     }
  301.     private function createResponse(MountedComponent $mounted): Response
  302.     {
  303.         $component $mounted->getComponent();
  305.         foreach (AsLiveComponent::preReRenderMethods($component) as $method) {
  306.             $component->{$method->name}();
  307.         }
  309.         return new Response($this->container->get(ComponentRenderer::class)->render($mounted), 200, [
  310.             'Content-Type' => self::HTML_CONTENT_TYPE,
  311.         ]);
  312.     }
  314.     private function isLiveComponentRequest(Request $request): bool
  315.     {
  316.         return 'ux_live_component' === $request->attributes->get('_route');
  317.     }
  319.     private function hydrateComponent(object $componentstring $componentNameRequest $request): MountedComponent
  320.     {
  321.         $hydrator $this->container->get(LiveComponentHydrator::class);
  322.         \assert($hydrator instanceof LiveComponentHydrator);
  324.         $mountedComponent $hydrator->hydrate(
  325.             $component,
  326.             $this->parseDataFor($request)['data'],
  327.             $componentName
  328.         );
  330.         $mountedComponent->addExtraMetadata(
  331.             InterceptChildComponentRenderSubscriber::CHILDREN_FINGERPRINTS_METADATA_KEY,
  332.             $this->parseDataFor($request)['childrenFingerprints']
  333.         );
  335.         return $mountedComponent;
  336.     }
  338.     private static function parseJsonFromQuery(Request $requeststring $key): array
  339.     {
  340.         if (!$request->query->has($key)) {
  341.             return [];
  342.         }
  344.         try {
  345.             return json_decode($request->query->get($key), true512\JSON_THROW_ON_ERROR);
  346.         } catch (\JsonException $exception) {
  347.             throw new JsonException(sprintf('Invalid JSON on query string %s.'$key), 0$exception);
  348.         }
  349.     }
  350. }